SuSE Update For Gnutls OpenSUSE-SU-2014:0346-1 (gnutls) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The gnutls library was updated to fix SSL certificate validation. Remote man-in-the-middle attackers were able to make the verification believe that a SSL certificate is valid even though it was not. Also the TLS-CBC timing attack vulnerability was fixed.

Affected

gnutls on openSUSE 11.4

References

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1619, CVE-2014-0092

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

SLES10: Security update for freetype2,
SLES10: Security update for NetworkManager-gnome
SLES10: Security update for IBM Java 1.4.2
SLES10: Security update for bind
SLES10: Security update for OpenSSL

SuSE Update for gnutls openSUSE-SU-2014:0346-1 (gnutls)

Take action and discover your vulnerabilities